From 72682762e5f3b0b554f86d33c36ff1bfa7b52ce7 Mon Sep 17 00:00:00 2001
From: roland <roland@catalogix.se>
Date: Thu, 5 Dec 2019 10:47:53 +0100
Subject: [PATCH 1/3] A backchannel logout request shall according to the spec
 except 501 and 504 responses beside 200 OK.

---
 src/oic/oic/provider.py           |  5 ++++
 tests/test_oic_provider_logout.py | 50 +++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)

diff --git a/src/oic/oic/provider.py b/src/oic/oic/provider.py
index f0ea2a6ae..6fb31b89c 100644
--- a/src/oic/oic/provider.py
+++ b/src/oic/oic/provider.py
@@ -2298,6 +2298,11 @@ def do_verified_logout(
 
                 if res.status_code < 300:
                     logger.info("Logged out from {}".format(_cid))
+                elif res.status_code in [501, 504]:
+                    logger.info(
+                        "Received a %s error, which is OK according to the spec",
+                        res.status_code,
+                    )
                 else:
                     _errstr = "failed to logout from {}".format(_cid)
                     if self.events:
diff --git a/tests/test_oic_provider_logout.py b/tests/test_oic_provider_logout.py
index 903507e68..f1aaa9f46 100644
--- a/tests/test_oic_provider_logout.py
+++ b/tests/test_oic_provider_logout.py
@@ -1085,3 +1085,53 @@ def test_logout_from_clients_one_without_logout_info(self):
         assert set(res.keys()) == {"back_channel", "front_channel"}
         assert set(res["back_channel"].keys()) == {"number5"}
         assert set(res["front_channel"].keys()) == {"number5"}
+
+    def test_do_bc_logout_501_response(self):
+        self._code_auth()
+
+        # client0
+        self.provider.cdb["number5"][
+            "backchannel_logout_uri"
+        ] = "https://example.com/bc_logout"
+        self.provider.cdb["number5"]["client_id"] = "number5"
+
+        try:
+            del self.provider.cdb["number5"]["frontchannel_logout_uri"]
+        except KeyError:
+            pass
+
+        # Get a session ID, anyone will do.
+        # I know the session backend DB is a DictSessionBackend so I can use that
+        _sid = list(self.provider.sdb._db.storage.keys())[0]
+
+        with responses.RequestsMock() as rsps:
+            rsps.add(rsps.POST, "https://example.com/bc_logout", status=501)
+            res = self.provider.do_verified_logout(_sid, "number5", alla=True)
+
+        # Accepted the 501
+        assert set(res.keys()) == {'cookie'}
+
+    def test_do_bc_logout_504_response(self):
+        self._code_auth()
+
+        # client0
+        self.provider.cdb["number5"][
+            "backchannel_logout_uri"
+        ] = "https://example.com/bc_logout"
+        self.provider.cdb["number5"]["client_id"] = "number5"
+
+        try:
+            del self.provider.cdb["number5"]["frontchannel_logout_uri"]
+        except KeyError:
+            pass
+
+        # Get a session ID, anyone will do.
+        # I know the session backend DB is a DictSessionBackend so I can use that
+        _sid = list(self.provider.sdb._db.storage.keys())[0]
+
+        with responses.RequestsMock() as rsps:
+            rsps.add(rsps.POST, "https://example.com/bc_logout", status=504)
+            res = self.provider.do_verified_logout(_sid, "number5", alla=True)
+
+        # Accepted the 504
+        assert set(res.keys()) == {'cookie'}
\ No newline at end of file

From 4019a8794fa205e78c6fc57133d346af8e63e925 Mon Sep 17 00:00:00 2001
From: roland <roland@catalogix.se>
Date: Thu, 5 Dec 2019 10:49:56 +0100
Subject: [PATCH 2/3] isort, blacken, mypy and pylama changes.

---
 tests/test_oic_provider_logout.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tests/test_oic_provider_logout.py b/tests/test_oic_provider_logout.py
index f1aaa9f46..2f574431c 100644
--- a/tests/test_oic_provider_logout.py
+++ b/tests/test_oic_provider_logout.py
@@ -1109,7 +1109,7 @@ def test_do_bc_logout_501_response(self):
             res = self.provider.do_verified_logout(_sid, "number5", alla=True)
 
         # Accepted the 501
-        assert set(res.keys()) == {'cookie'}
+        assert set(res.keys()) == {"cookie"}
 
     def test_do_bc_logout_504_response(self):
         self._code_auth()
@@ -1134,4 +1134,4 @@ def test_do_bc_logout_504_response(self):
             res = self.provider.do_verified_logout(_sid, "number5", alla=True)
 
         # Accepted the 504
-        assert set(res.keys()) == {'cookie'}
\ No newline at end of file
+        assert set(res.keys()) == {"cookie"}

From a8fc2921c82379d88fea9185d1ca611501aed1b0 Mon Sep 17 00:00:00 2001
From: roland <roland@catalogix.se>
Date: Thu, 5 Dec 2019 10:55:13 +0100
Subject: [PATCH 3/3] Added PR to CHANGELOG.md

---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d0c327a5e..30353ce40 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,8 +9,10 @@ The format is based on the [KeepAChangeLog] project.
 
 ### Added
 - [#719] Add support for JWT registration tokens
+- [#725] Accepting 501 and 504 responses on backchannel logout request
 
 [#719]: https://github.com/OpenIDC/pyoidc/pull/719
+[#725]: https://github.com/OpenIDC/pyoidc/pull/725
 
 ## 1.1.2 [2019-11-23]